XSS and Deserialization Chain Attack

xss, deserial, dotnet, jwt, windows

Overview #

This attack was from HTB Cereal which performs a deserializaton attack. In order to execute the deserialization payload, an XSS payload must be triggered to bypass the IP restriction.

This attack also makes use of a forged JWT token.

The method here came from 0xdf writeup.